Abstract

A novel fabric switch is provided. The switch includes a tunnel management apparatus that maintains a local inter-switch tunnel and an inter-fabric tunnel. The local inter-switch tunnel facilitates communication to a switch in a local fabric switch. The inter-fabric tunnel facilitates communication to a remote fabric switch. The switch further includes a packet header management apparatus that decapsulates a packet received from the local inter-switch tunnel and encapsulates the packet with a new tunnel header for transmission over the inter-fabric tunnel.

Description

RELATED APPLICATION

This application claims the benefit of U.S. Provisional Application No. 62/264,267, titled “Interconnection of Switches Based on Hierarchical Overlay Tunneling,” by inventor Phanidhar Koganti, filed 7 Dec. 2015, the disclosure of which is incorporated by reference herein.

BACKGROUND

Field

This disclosure relates to communication networks. More specifically, the present disclosure relates to a system and method for a constructing a scalable switching system based on hierarchical overlay tunneling.

Related Art

The exponential growth of the Internet has made it a popular delivery medium for a variety of applications running on physical and virtual devices. Such applications have brought with them an increasing demand for bandwidth. As a result, equipment vendors race to build larger and faster switches with versatile capabilities, such as network virtualization and multi-tenancy, to accommodate diverse network demands efficiently. However, the size of a switch cannot grow infinitely. It is limited by physical space, power consumption, and design complexity, to name a few factors. Furthermore, switches with higher capability are usually more complex and expensive. More importantly, because an overly large and complex system often does not provide economy of scale, simply increasing the size and capability of a switch may prove economically unviable due to the increased per-port cost.

One way to increase the throughput of a switch system is to use layer-2 switch stacking. In switch stacking, multiple smaller-scale, identical switches are interconnected in a special pattern to form a larger logical switch. However, switch stacking requires careful configuration of the ports and inter-switch links. The amount of required manual configuration becomes prohibitively complex and tedious when the stack reaches a certain size, which precludes switch stacking from being a practical option in building a large-scale switching system. Furthermore, a system based on stacked switches often has topology limitations which restrict the scalability of the system due to bandwidth considerations.

A flexible way to improve the scalability of a switch system is to build an interconnection of switches that can be controlled in a cohesive way, these switches can often share a single logical chassis, or a single control plane (referred to as “fabric switch”). A fabric switch is a collection of individual member switches. These member switches form a network of interconnected switches that can have an arbitrary number of ports and an arbitrary topology. As demands grow, customers can adopt a “pay as you grow” approach to scale up the capacity of the fabric switch.

While a fabric switch brings desirable features, some issues remain unsolved in efficient formation and data transportation of a scalable fabric switch. One challenge that remains is that as layer-2 networks become more ubiquitous, extended layer-2 broadcast domains are hosting an increasing number of medium-access-control (MAC) addresses. In addition, the emergence of cloud computing based on virtual machines exacerbates the grown of the number of MAC addresses. How to manage such a large number of MAC addresses, while providing the capability of handling a large amount of layer-2 traffic, remains a main challenge for network equipment vendors.

SUMMARY

One embodiment of the present invention provides a switch. The switch includes a tunnel management apparatus that maintains a local inter-switch tunnel and an inter-fabric tunnel. The local inter-switch tunnel facilitates communication to a switch in a local fabric switch. The inter-fabric tunnel facilitates communication to a remote fabric switch. The switch further includes a packet header management apparatus that decapsulates a packet received from the local inter-switch tunnel and encapsulates the packet with a new tunnel header for transmission over the inter-fabric tunnel.

In a variation on this embodiment, the switch manages an edge tunnel which facilitates communication with an end host.

In a variation on this embodiment, the new tunnel header includes an identifier for a destination remote fabric switch.

In a variation on this embodiment, the new tunnel header includes a network service header

In a variation on this embodiment, the switch stores a mapping between a medium access control (MAC) address and a virtual tunnel endpoint.

In a variation on this embodiment, the switch stores a mapping between a MAC address and a remote fabric identifier.

In a variation on this embodiment, the switch precludes a packet received from an intra-fabric tunnel from being forwarded onto another intra-fabric tunnel.

In a variation on this embodiment, the switch loads a MAC address in the forwarding hardware of the switch in response to identifying the MAC address in a packet.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1A illustrates an exemplary fabric switch architecture, in accordance with an embodiment of the present invention.

FIG. 1B illustrates an exemplary forwarding policy with hierarchical overlay tunnel groups, in accordance with an embodiment of the present invention.

FIG. 1C illustrates an exemplary switch identifier mapping table, in accordance with an embodiment of the present invention.

FIG. 1D illustrates an exemplary virtual local area network (VLAN) mapping table, in accordance with an embodiment of the present invention.

FIG. 2A presents a flowchart illustrating an exemplary process of a switch establishing intra-fabric tunnels in a fabric switch, in accordance with an embodiment of the present invention.

FIG. 2B presents a flowchart illustrating an exemplary process of a switch mapping switch identifiers to forwarding information, in accordance with an embodiment of the present invention.

FIG. 2C presents a flowchart illustrating an exemplary process of a switch maintaining conversational MAC addresses in forwarding hardware, in accordance with an embodiment of the present invention.

FIG. 3A illustrates an exemplary packet header configuration for carrying fabric switch identifier, in accordance with an embodiment of the present invention.

FIG. 3B illustrates an exemplary packet header configuration for carrying fabric switch identifier, in accordance with an embodiment of the present invention.

FIG. 3C illustrates an exemplary process of forwarding a packet from end to end across fabric switches, in accordance with an embodiment of the present invention.

FIG. 4A presents a flowchart illustrating an exemplary process of a switch forwarding a packet received from an edge port, in accordance with an embodiment of the present invention.

FIG. 4B presents a flowchart illustrating an exemplary process of a switch forwarding a packet received from a tunnel, in accordance with an embodiment of the present invention.

FIG. 4C presents a flowchart illustrating an exemplary process of a backbone node forwarding a multi-destination packet received from a tunnel, in accordance with an embodiment of the present invention.

FIG. 5A illustrates an exemplary multi-chassis link aggregation group (MLAG) with a virtual tunnel endpoint, in accordance with an embodiment of the present invention.

FIG. 5B presents a flowchart illustrating an exemplary process of a switch forwarding a packet received from an MLAG, in accordance with an embodiment of the present invention.

FIG. 5C presents a flowchart illustrating an exemplary process of a backbone node forwarding a packet with an MLAG identifier, in accordance with an embodiment of the present invention.

FIG. 6 illustrates an exemplary configuration of a fabric switch based on hierarchical overlay tunnels, in accordance with an embodiment of the present invention.

FIG. 7 illustrates an exemplary member switch in an IP-based fabric switch, in accordance with an embodiment of the present invention.

In the figures, like reference numerals refer to the same figure elements.

DETAILED DESCRIPTION

The following description is presented to enable any person skilled in the art to make and use the invention, and is provided in the context of a particular application and its requirements. Various modifications to the disclosed embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the present invention. Thus, the present invention is not limited to the embodiments shown, but is to be accorded the widest scope consistent with the claims.

Overview

In embodiments of the present invention, the problem of building a versatile, cost-effective, and scalable layer-2 switching system is solved by forming a topology agnostic fabric switch based on an underlay layer-3 protocol with hierarchical overlay tunneling. This new fabric switch architecture can include one or more fabric switches, interconnected by an underlay network that can be based on existing layer-3 and tunneling protocols, such as IP and virtual extensible LAN (VXLAN), as well as proprietary protocols. Each fabric switch can include a number of physical switches, interconnected by a similar underlay network using the same layer-3 and tunneling protocols. As described in more details in later sections of this disclosure, the problem of handling a large number of MAC address in an extended layer-2 broadcast domain is solved by having a hierarchical tunneling mechanism and a label-based fabric-wise address aggregation mechanism.

Within a fabric switch, a fully meshed logical topology can be established among all the switches using the underlay tunneling protocol. In other words, any two switches within a fabric can communicate with each other via a direct logical link, or intra-fabric tunnel, based on this fully meshed logical topology. In particular, when these switches implement layer-2 functionalities, they can form an Ethernet fabric. As a result, an Ethernet broadcast domain can reach every switch within the fabric based on this fully meshed logical topology.

When multiple fabric switches are interconnected, and a layer-2 broadcast domain is extended across more than one fabric switch, inter-fabric tunnels can be established to facilitate inter-fabric communication. Packets leaving one fabric can be encapsulated in these inter-fabric tunnels, and transported to the remote fabric. Each fabric can have one or more inter-fabric gateways, which can be responsible for maintaining these inter-fabric tunnels.

One challenge is building a large layer-2 broadcast domain is how to manage a large number of MAC address that are expected to be reachable within the broadcast domain, and the associated MAC address learning. One way to solve this problem is to associate all the MAC address within a fabric switch with a label for this fabric, which can also function as an identifier for the fabric. When an Ethernet packet enters a fabric, its destination address (DA) is mapped to the corresponding destination fabric's label, and forwarded toward the remote fabric based on this destination fabric's label. Once the packet reaches the destination fabric, it is decapsulated from the inter-fabric tunnel, and forwarded toward the destination egress switch using an intra-fabric tunnel.

There are a number of ways to establish the mapping relationship between a MAC DA and a fabric ID (i.e., the fabric's label). This mapping can be done in the data plane by learning from an initial broadcast packet, during which process a packet's MAC source address (SA) is mapped to its source fabric ID. This information can also be distributed in the control plane, using a control protocol, when one or more MAC addresses are associated with a remote fabric. A third approach is to use a combination of both data-plane and control-plane based methods, which allows a local fabric to learn the MAC-to-fabric-ID mapping in a remote fabric based on local learning and/or a control-plane message.

The aforementioned hierarchical overlay tunneling mechanism and the label-based address aggregation mechanism can provide a versatile and scalable fabric switching solution that solves many of the challenges present in the current fabric architectures.

It should be noted that a fabric switch is not the same as conventional switch stacking. In switch stacking, multiple switches are interconnected at a common location (often within the same rack), based on a particular topology, and manually configured in a particular way. These stacked switches typically share a common address, e.g., an IP address, so they can be addressed as a single switch externally. Furthermore, switch stacking requires a significant amount of manual configuration of the ports and inter-switch links. The need for manual configuration prohibits switch stacking from being a viable option in building a large-scale switching system. The topology restriction imposed by switch stacking also limits the number of switches that can be stacked. This is because it is very difficult, if not impossible, to design a stack topology that allows the overall switch bandwidth to scale adequately with the number of switch units.

In contrast, a fabric switch can include an arbitrary number of switches with individual addresses, can be based on an arbitrary physical topology, and does not require extensive manual configuration. The switches can reside in the same location, or be distributed over different locations. These features overcome the inherent limitations of switch stacking and make it possible to build a large “switch farm,” which can be treated as a single, logical switch. Due to the automatic configuration capabilities of the fabric switch, an individual physical switch can dynamically join or leave the fabric switch without disrupting services to the rest of the network.

Furthermore, the automatic and dynamic configurability of the fabric switch allows a network operator to build its switching system in a distributed and “pay-as-you-grow” fashion without sacrificing scalability. The fabric switch's ability to respond to changing network conditions makes it an ideal solution in a virtual computing environment, where network loads often change with time.

It should also be noted that a fabric switch is distinct from a VLAN. A fabric switch can accommodate a plurality of VLANs. A VLAN is typically identified by a VLAN tag. In contrast, the fabric switch is identified by a fabric identifier (e.g., a cluster identifier), which is assigned to the fabric switch. Since a fabric switch can be represented as a logical chassis, the fabric identifier can also be referred to as a logical chassis identifier. A respective member switch of the fabric switch is associated with the fabric identifier. In some embodiments, a fabric switch identifier is pre-assigned to a member switch. As a result, when the switch joins a fabric switch, other member switches identifies the switch to be a member switch of the fabric switch.

In this disclosure, the term “fabric switch” refers to a number of interconnected physical switches which can form a single, scalable network of switches. The member switches of the fabric switch can operate as individual switches. The member switches of the fabric switch can also operate as a single logical switch in the provision and control plane, the data plane, or both. “Fabric switch” should not be interpreted as limiting embodiments of the present invention to a plurality of switches operating as a single, logical switch. In this disclosure, the terms “fabric switch” and “fabric” are used interchangeably.

Although the present disclosure is presented using examples based on an encapsulation protocol, embodiments of the present invention are not limited to networks defined using one particular encapsulation protocol associated with a particular Open System Interconnection Reference Model (OSI reference model) layer. For example, embodiments of the present invention can also be applied to a multi-protocol label switching (MPLS) network. In this disclosure, the term “encapsulation” is used in a generic sense, and can refer to encapsulation in any networking layer, sub-layer, or a combination of networking layers.

The term “end host” can refer to any device external to a network (e.g., does not perform forwarding in that network). Examples of an end host include, but are not limited to, a physical or virtual machine, a conventional layer-2 switch, a layer-3 router, or any other type of network device. Additionally, an end host can be coupled to other switches or hosts further away from a layer-2 or layer-3 network. An end host can also be an aggregation point for a number of network devices to enter the network. An end host hosting one or more virtual machines can be referred to as a host machine. In this disclosure, the terms “end host” and “host machine” are used interchangeably.

The term “VLAN” is used in a generic sense, and can refer to any virtualized network. Any virtualized network comprising a segment of physical networking devices, software network resources, and network functionality can be can be referred to as a “VLAN.” “VLAN” should not be interpreted as limiting embodiments of the present invention to layer-2 networks. “VLAN” can be replaced by other terminologies referring to a virtualized network or network segment, such as “Virtual Private Network (VPN),” “Virtual Private LAN Service (VPLS),” or “Easy Virtual Network (EVN).”

The term “packet” refers to a group of bits that can be transported together across a network. “Packet” should not be interpreted as limiting embodiments of the present invention to layer-3 networks. “Packet” can be replaced by other terminologies referring to a group of bits, such as “frame,” “cell,” or “datagram.”

The term “switch” is used in a generic sense, and can refer to any standalone or fabric switch operating in any network layer. “Switch” can be a physical device or software running on a computing device. “Switch” should not be interpreted as limiting embodiments of the present invention to layer-2 networks. Any device that can forward traffic to an external device or another switch can be referred to as a “switch.” Examples of a “switch” include, but are not limited to, a layer-2 switch, a layer-3 router, a TRILL RBridge, or a fabric switch comprising a plurality of similar or heterogeneous smaller physical switches.

The term “edge port” refers to a port on a network which exchanges data frames with a device outside of the network (i.e., an edge port is not used for exchanging data frames with another member switch of a network). The term “inter-switch port” refers to a port which sends/receives data frames among member switches of the network. A link between inter-switch ports is referred to as an “inter-switch link.” The terms “interface” and “port” are used interchangeably.

The term “switch identifier” refers to a group of bits that can be used to identify a switch. Examples of a switch identifier include, but are not limited to, a media access control (MAC) address, an Internet Protocol (IP) address, an RBridge identifier, or a combination thereof. In this disclosure, “switch identifier” is used as a generic term, is not limited to any bit format, and can refer to any format that can identify a switch.

The term “tunnel” refers to a data communication where one or more networking protocols are encapsulated using another networking protocol. Although the present disclosure is presented using examples based on a layer-3 encapsulation of a layer-2 protocol, “tunnel” should not be interpreted as limiting embodiments of the present invention to layer-2 and layer-3 protocols. A “tunnel” can be established for and using any networking layer, sub-layer, or a combination of networking layers.

An “intra-fabric tunnel” refers to a tunnel established between switches belonging to a common fabric switch. An “inter-fabric tunnel” refers to a tunnel established between two fabric switches, typically between two backbone nodes residing in respective fabrics. An “edge tunnel” is a tunnel established between a switch and an end host.

Network Architecture

FIG. 1A illustrates an exemplary fabric switch architecture, in accordance with an embodiment of the present invention. In this example, the architecture includes a fabric switch 104, a backbone fabric switch 106, and a fabric switch 108. Here, fabric switches 104 and 108 are coupled to end hosts via edge ports, and hence, can be referred to as edge fabric switches.

Fabric switch 104 includes a number of switches, such as switches 105 and 107. In one embodiment, each switch within fabric 104 can form an intra-fabric tunnel with every other switch within the same fabric, thereby achieving a fully meshed logical topology. Various tunneling techniques can be used. For example, a tunnel can be established using the VXLAN protocol. Other tunneling protocols, such as generic routing encapsulation (GRE), layer-2 tunneling protocol (L2TP), multi-protocol label switching (MPLS), etc., can also be used to establish the intra-fabric tunnels. As a result of this fully-meshed logical topology, any switch within fabric 104 can reach another switch in the same fabric with only one hop through the corresponding tunnel. In the case where VXLAN is used as a tunneling protocol, a tunnel can be identified by the tuple {source_IP, destination_IP, source_port, destination_port}, where source_IP is the source switch's IP address, destination_IP is the destination swtich's IP address, source_port is the source switch's UDP port, and destination_port is the destination switch's UDP port (since VXLAN uses UDP as a transport-layer protocol). Other ways for identifying the tunnels are also possible. In some embodiments, source_port is generated from a hash value of one of fields in the tuple.

An end host 102 can be coupled to fabric 104 via a multi-chassis link aggregation group (MLAG) 112, which is a logical link that includes two physical links coupling switches 107 and 105, respectively. MLAG 112 provides a physical-link redundancy for end host 102. If one of the two links fails, the other link can remain operational. In addition, switch 107 and 105 can form a virtual tunnel endpoint (VTEP) 114, which can present itself as a virtual switch with a virtual IP address. In some embodiments, end host 102 can form an edge tunnel 116 with VTEP 114. For end host 102, VTEP 114 can function like any other switch in fabric 104, and MLAG 112 can function like a regular link for purposes of forwarding traffic from and to end host 102.

During operation, edge tunnel 116 may be established between end host 102 and switch 107. If a failure occurs, tunnel 116 can be moved to the working link with minimal disruption to transmission. Similarly, an end host 103 can be coupled to fabric 104 via an MLAG 115, which is a logical link that includes two physical links coupling switches 107 and 105, respectively. The same VTEP 114 can receive and forward packets via MLAGs 112 and 115. As a result, the virtual IP address of VTEP 114 can serve as the VTEP address for both MLAGs 112 and 115.

Note that fabric switch 104 can function as a logical layer-2 switch, which allows multiple end hosts connected to fabric 104 to be on a common Ethernet broadcast domain, as long as these end hosts are configured with a common VLAN. Also note that an end host may be a physical host, or may be a machine hosting multiple virtual machines. Furthermore, a hypervisor that controls multiple virtual machines on a physical host can include a virtual switch. This virtual switch can be part of fabric switch 104, and establish intra-fabric tunnels with every other switch in fabric 104, thereby being part of the full-mesh logical topology.

As shown in the example in FIG. 1A, backbone network 106 can interconnect multiple fabric switches, such as fabric 104 and fabric 108. Fabric 104 can include a switch 121, which participates in both fabric 104 and backbone fabric 106 (or backbone 106). Such a switch can be referred to as a backbone node. Similarly, fabric 108 can include a backbone node 123, which participates in both fabric 108 and backbone 106. For traffic between fabric 104 and fabric 106, an inter-fabric tunnel 120 can be established between switch 121 and switch 123. Inter-fabric tunnel 120 allows the Ethernet broadcast domain in fabric 104 to be extended to fabric 108. In this example, similar to end host 102, an end host 110 is coupled to fabric 108 using an MLAG 112. MLAG 112 can be formed between end host 110 and switches 111 and 113. Switches 111 and 113 jointly form a VTEP 110. In one embodiment, end host 110 forms an edge tunnel 124 with VTEP 110.

In a conventional switched Ethernet network, a switch forwards a received Ethernet packet based on its MAC DA, assuming that the switch has previously learned which output port to use for that MAC DA, based on prior packets originated from that MAC DA. However, in an extended Ethernet broadcast domain that spans over multiple fabric switches, such as fabrics 104 and 108, it might be impossible for a single switch to maintain reachability information for all the MAC addresses associated with a broadcast domain, especially when an end host can accommodate multiple virtual machines. Also, forwarding based only on MAC DA can have a similar scalability problem because of the large MAC address space.

To solve these problems, in some embodiments of the present invention, each fabric is identified by a unique label, or identifier. A source fabric label and destination fabric label can be included in the tunnel encapsulation header. For intra-fabric traffic, i.e., packets whose MAC SA and MAC DA both reside in the same fabric, the packet's source fabric label and destination fabric label are the same. When a switch receives a packet from an intra-fabric tunnel, the switch can inspect the destination fabric label. If the label is the same as the local fabric's label, the switch can decapsulate the packet from the tunnel header, and forward the Ethernet packet based on its MAC DA. If the packet's destination fabric label is not the local fabric's label, the switch can decapsulate the packet, re-encapsulate the packet in an inter-fabric tunnel header, and transmit the packet via the appropriate inter-fabric tunnel.

For example, suppose that end host 102 sends a packet to end host 110. Assume also that end host 102 does not contain a virtual switch that participates in fabric 104. End host 102 would generate an Ethernet packet, which can include an inner IP packet for end host 110, with end host 110's MAC address as its MAC DA, and sends the packet via edge tunnel 116. Note that at this point the packet does not contain any fabric label information. When the packet arrives at switch 107, which functions as an ingress switch for fabric 104, switch 107 decapsulates the packet and inspects its MAC DA. Switch 107 then determines that the MAC DA corresponds to fabric 108 (mechanisms for distributing the MAC-to-fabric-label mapping information are described in more details in later sections of this disclosure).

Accordingly, switch 107 determines that the packet would need to be sent to backbone node 121, since the packet is destined to a remote fabric. Switch 107 then encapsulates the packet with a tunnel header that includes fabric 104's label as its source fabric label, and fabric 108's label as its destination label, and transmits the packet onto intra-fabric tunnel 118, which leads to backbone node 121. Fabric 104 can also facilitate separation of customer traffic. For example, if end hosts 102 and 103 belong to two different customers, fabric 104 can allocate separate tunnels segments of tunnel 118 for traffic from end hosts 102 and 103. Switches 105 and 107 can map service and customer VLAN identifiers of end hosts 102 and 103 to respective tunnel segment identifiers. In some embodiments, tunnel 118 is a VXLAN tunnel and a tunnel segment identifier is a VXLAN network identifier (VNI).

After receiving the packet, switch 121 first inspects the packet's tunnel header to determine the destination fabric label. Because the destination fabric label is not the same as the fabric 104's label, switch 121 decapsulates the packet from the header for intra-fabric tunnel 118, and encapsulates the packet in a new tunnel header for inter-fabric tunnel 120, which leads to backbone node 123 for fabric 108. Note that the new tunnel header also indicates fabric 108's label as the destination fabric label. Switch 121 then transmits the packet onto inter-fabric tunnel 120.

When switch 123 receives the packet, switch 123 inspects the packet's destination fabric label, which is the same as fabric 108's label. Switch 123 then determines that the packet is destined to a MAC address within fabric 108. Accordingly, switch 123 decapsulates the packet and inspects the inner Ethernet's MAC DA, which is the MAC address for end host 110. Based on this MAC DA, switch determines that the packet should be sent to egress switch 113. Correspondingly, switch 123 encapsulates the packet with a tunnel header corresponding to intra-fabric tunnel 122, and sends the packet onto tunnel 122.

Subsequently, when the packet arrives at switch 113, switch 113 determines that the destination fabric label is the same label for fabric 108. Hence, switch 113 decapsulates the packet and looks up the inner Ethernet packet's MAC DA. As a result of the look-up, switch 113 determines that the packet is destined to end host 110, which is coupled to VTEP 110 via tunnel 124. Accordingly, switch 113 encapsulates the packet with a tunnel header corresponding to tunnel 124, and delivers the packet to end host 110. If the packet were destined for end host 101, which is coupled to fabric 108 via an edge port without a tunnel (e.g., tunnel 124), switch 113 would have forwarded the packet to end host 101 via the edge port based on the MAC DA without encapsulating the packet.

In some embodiments, switch 113 can operate as the IP gateway for end host 101 (e.g., the gateway address provided by a Dynamic Host Configuration Protocol (DHCP) server). As a result, Ethernet frames from end host 101 can be destined to switch 113. Suppose that end host 101 sends a packet to end host 102. End host 101 encapsulates the packet in an Ethernet header and sends the Ethernet frame to switch 113. Upon receiving the frame, switch 113 removes the Ethernet header and promotes the payload, which is the IP packet, for layer-3 processing. A switch in a fabric switch can maintain forwarding information mapped to an IP address of an end host as well as the MAC address. Hence, switch 113 can forward the packet to end host 102 via tunnel 122 based on the forwarding information mapped to the IP address of end host 102.

Note that in the above example use case, the backbone nodes are individual switches. In some embodiments, the backbone node can also be a distributed, virtual switch, similar to VTEP 114 and VTEP 110. In addition, there can be multiple backbone nodes in a fabric. One backbone node may be responsible for forwarding traffic to one subset of remote fabrics, and another backbone node may be responsible for forwarding traffic another subset remote fabrics. Furthermore,

Distribution of Reachability Information and Loop Prevention

As mentioned above, in general, there can be three hierarchies of overlay tunnels above the underlay network, namely edge tunnels, intra-fabric tunnels, and inter-fabric tunnels. In addition, once a packet enters a fabric, the packet is transported through tunnels, with its tunnel header carrying a source fabric label and destination fabric label. Forwarding of the fabric between tunnels can be done based on the destination fabric label.

When a packet enters a fabric via an ingress switch, this ingress switch is responsible for generating the packet's tunnel header, which includes the source and destination fabric labels. Hence, the ingress switch ideally can maintain a set of mapping information that maps a MAC DA to a fabric label (the fabric label can be the label of the local fabric, or a remote fabric).

For all the MAC address within the local fabric, this MAC-to-fabric-label mapping information can be acquired through MAC address learning. That is, when an end host sends an Ethernet packet to the fabric, the ingress switch can establish a mapping relationship between the Ethernet's MAC SA and the local fabric's label. This mapping information can then be shared among all the switches in the local fabric, thereby allowing future packets with the same MAC as its DA to be forwarded to the end host.

For MAC address associated with a remote fabric, one approach for establishing the MAC-to-fabric-label mapping is to learn the mapping in the data plane, similar to intra-fabric MAC learning. This method, however, might be slow and not scalable, because it depends on previously observed traffic. Before the complete mapping information can be established, packets with unknown MAC DAs would have to be broadcast to the entire broadcast domain (which can include both the local and remote fabrics). As a result, a large amount of traffic flooding could occur.

A second approach to distribute the MAC-to-fabric-label mapping information for MAC addresses located in a remote fabric is to use a distribution protocol in the control plane. For example, with reference to FIG. 1A, when a number of MAC addresses are allocated (e.g., with the deployment of a number of virtual machines) in fabric 108, these MAC addresses and fabric 108's label can be distributed to all the switches in fabric 104 via a control-information distribution protocol. This distribution method can reduce the amount of flooding required for learning unknown MAC addresses. In one embodiment, the Multiprotocol Border Gateway Protocol Ethernet Virtual Private Network (MPBGP-EVPN) protocol can be used to distribute the MAC-to-fabric-label mapping information for a group of MAC addresses in a remote fabric. Details of MPBGP-EVPN can be found at https://tools.ietf.org/html/rfc7432, the disclosure of which is incorporated in its entirety herein. Note that the mapping distribution messages can be sent regularly, or on an as-needed basis. For example, when a new MAC address is added to fabric 108, a new distribution message can be sent to fabric 104 to add this new MAC to the data structure that stores the mapping between MAC addresses and fabric 108's label.

It is also possible to combine the data-plane and control-plane approaches. For example, an initial set of MAC-to-fabric-label mapping information for all the MAC addresses in fabric 108 can be obtained by the switches in fabric 104 via the control plane. When a switch in fabric 104 observes a packet with fabric 108's label as its source fabric label, and a MAC SA that is not currently stored in the mapping-information data structure, the switch can add this new MAC address to the existing group of MAC addresses mapped to fabric 108, and share this information with all the switches in fabric 104.

One important issue in designing a fabric architecture is how to prevent loops. Loops occur when a forwarding decision leads to the packet to be sent to a switch it has visited before. In some embodiments of the present invention, loops can be prevented by restricting the forwarding behavior of a switch. Specifically, within a fabric switch, a switch is precluded from forwarding a packet from a intra-fabric tunnel to another intro-fabric tunnel, or from an inter-fabric tunnel to another inter-fabric tunnel. A switch is allowed to forward packets between an inter-fabric tunnel and an intra-fabric tunnel, between an intra-fabric tunnel and an edge tunnel, and between an inter-fabric tunnel and an edge tunnel. A switch is also allowed to forward packets between two edge tunnels, since the switch might be coupled to two end hosts, and such forwarding can facilitate communication between these two end hosts.

Note that because it is expected that within a fabric a switch can reach any other switch with a direct intra-fabric tunnel, there is no need for forwarding packets between intra-fabric tunnels. Similarly, an inter-fabric tunnel is expected to connect two backbone nodees directly, and there is no need to forward packets from one inter-fabric tunnel to another.

FIG. 1B illustrates an exemplary forwarding policy with hierarchical overlay tunnel groups, in accordance with an embodiment of the present invention. In this example, switch 107 can forward a packet received from end host 102 to an intra-fabric tunnel, such as intra-fabric tunnel 118, which leads to backbone node 121. Switch 107 can also forward the packet to an end host 130 via another edge tunnel 131. It should be noted that a backbone node can participate in a plurality of edge fabrics and a backbone fabric. For example, backbone node 121 can also participate in another edge fabric 140.

After receiving the packet on intra-fabric tunnel, backbone node 121 can forward the packet onto inter-fabric tunnel 120. Here, backbone node 121 is precluded from forwarding the packet onto intra-fabric tunnels of fabric 104, which could lead to formation of loops. However, if the packet is a multi-destination packet, even though backbone node 121 does not forward the packet onto intra-fabric tunnels of fabric 104, backbone node 121 forwards the packet onto intra-fabric tunnels of fabric 140 (e.g., intra-fabric tunnel 142 between backbone node 121 and switch 145 of fabric 140).

Similarly, when backbone node 123 receives the packet, it can only forward the packet onto an intra-fabric switch, and is precluded from sending the packet to another inter-fabric switch.

Forwarding Information

Once a packet enters a fabric, it can be assumed that the packet usually travels along a link while being encapsulated in a tunnel header. This tunnel header can include a source fabric label and a destination fabric label. In one embodiment, this fabric label information is carried in a network service header (NSH). However, a switch in a fabric switch needs to determine which label to use while forwarding a packet.

During operation, a switch, such as switch 107 in FIG. 1A, receives forwarding information of fabric 104 via the control plane (e.g., from a management device). Such information can include a list of MAC addresses of end hosts (e.g., virtual machines and physical servers) coupled to fabric 104. The information also includes which MAC address is reachable via which switch in fabric 104. Similarly, switch 107 can also receive forwarding information of end hosts coupled to remote fabrics, which are coupled via backbone fabric 106 (e.g., fabric 108). However, the forwarding information associated with fabric 108 in switch 107 only indicates that these end hosts are reachable via backbone fabric 106. Switch 107 stores the forwarding information in a switch identifier mapping table.

FIG. 1C illustrates an exemplary switch identifier mapping table, in accordance with an embodiment of the present invention. In this example, an entry in switch identifier mapping table 150 maps switch identifier 152 with a fabric label 154 and a tunnel identifier 156. Switch identifier 152 can be a MAC address, an IP address, or both. The IP address can be obtained from an Address Resolution Protocol (ARP) response message. Tunnel identifier 156 can be an internal and local number of the switch storing table 150, such as an integer value stored in the forwarding hardware of the switch. In some embodiments, a respective backbone node sends a notification message to other switches in an edge fabric indicating that the backbone node is coupled to the backbone fabric. For example, upon receiving the notification message from backbone node 121, switch 107 associates fabric label of backbone 106 with the tunnel identifier of tunnel 118.

In some embodiments, tunnel identifier 156 points to a forwarding data structure 160 (e.g., tunnel identifier 156 operates as the index of data structure 160). Forwarding data structure 160 includes any information that can be used to encapsulate a packet in a tunnel encapsulation header and forward the encapsulated packet via the tunnel identified by tunnel identifier 156. Information in forwarding data structure 160 include, but are not limited to, a destination identifier (e.g., VTEP IP address of the other end of the tunnel), an IP DHCP value, a list of VNI supported by the tunnel, one or more VLANs mapped to a respective VNI, an ARP response information, and an Ethernet priority value.

In some embodiments, the VLANs mapped to a VNI are stored in a separate table. FIG. 1D illustrates an exemplary VLAN mapping table, in accordance with an embodiment of the present invention. VLAN mapping table 170 includes an entry comprising a mapping between a customer VLAN 172 and a VNI 178. In some embodiments, VLAN mapping table 170 can further map service VLAN 174 to VNI 178. VLAN mapping table 170 can be maintained for a respective tunnel and the VNIs supported by the tunnel. VNI 178 can be mapped to one or more customer VLANs and/or one or more service VLANs. This allows a switch to segregate traffic from different clients or different VLANs in the tunnel.

Fabric Formation and MAC Address Management

In the example of FIG. 1A, fabric 104 can be an IP network and a respective switch of fabric 104 runs BGP (or its variation) to determine routes among the switches. When the network converges, switches in fabric 104 have routes among the switches, and hence, establish intra-fabric tunnels in fabric 104. FIG. 2A presents a flowchart illustrating an exemplary process of a switch establishing intra-fabric tunnels in a fabric switch, in accordance with an embodiment of the present invention. During operation, the switch determines the convergence of the fabric (operation 202). The switch then receives the VNIs configured for a respective switch (operation 204). The switch can receive this information from notification messages from other switches or an administrative device (e.g., a network administrator's workstation).

The switch identifies a switch with at least one common VNI (operation 206) and establishes an intra-fabric tunnel with the identified switch (operation 208). The tunnel can be represented by the switch IP address of the identified switch (i.e., the VTEP identifier is the switch IP address). The switch can further generate (or receive) a local and internal tunnel identifier to identify the tunnel. The switch enables a respective common VNI for the established tunnel (operation 210). In this way, the same tunnel can be used for multiple VNIs. The switch then checks whether all switch are checked for common VNI (operation 212). If not, the switch continues to identify another switch with at least one common VNI (operation 206) and establish an intra-fabric tunnel with the identified switch (operation 208).

FIG. 2B presents a flowchart illustrating an exemplary process of a switch mapping switch identifiers to forwarding information, in accordance with an embodiment of the present invention. During operation, the switch receives MAC addresses and their association destination information (operation 252), as described in conjunction with FIG. 1C. The switch identifies the MAC addresses reachable via a remote fabric and maps the identified MAC addresses with the fabric label of the backbone fabric (operation 254). The switch maps the identified MAC addresses with the tunnel identifier(s) of intra-fabric tunnel(s) to backbone node(s) of local and backbone fabric (operation 256). If the switch receives an ARP response for a MAC address, the switch includes the IP address associated with the MAC address in the mapping.

The switch then identifies the MAC addresses reachable via the switches of the local fabric and maps identified MAC addresses with the fabric label of the local fabric (operation 258). The switch maps a respective identified MAC address with the tunnel identifier of the tunnel to the egress switch for the MAC address (i.e., the tunnel via which the MAC address is reachable) (operation 260). The switch then stores the forwarding information (e.g., forwarding information in forwarding data structure 160) of a respective MAC address in association with the corresponding tunnel identifier (operation 262). For example, the switch uses the tunnel identifier as an index to the forwarding information, as described in conjunction with FIG. 1C.

Since a switch can store forwarding information of MAC addresses reachable via both local and remote fabric switches, the number of such MAC addresses can be significant. As a result, such a large number of MAC addresses are not feasible to store in the forwarding hardware (e.g., content-addressable memory (CAM)) of the switch. To solve this problem, the switch can store the forwarding information in a storage device of the switch and load the forwarding information in the forwarding hardware only if the switch is in communication with the MAC address. These MAC addresses can be referred to as conversational MAC addresses.

FIG. 2C presents a flowchart illustrating an exemplary process of a switch maintaining conversational MAC addresses in forwarding hardware, in accordance with an embodiment of the present invention. During operation, the switch identifies a MAC address in a received frame (operation 252) and checks whether the MAC address is in the forwarding hardware of the switch (operation 254). If the MAC address is not in the forwarding hardware, the switch obtains the forwarding information associated with the MAC address from the storage device of the switch (operation 256) and loads the forwarding information in the forwarding hardware of the switch (operation 258).

Forwarding Information and Fabric Label

FIG. 3A illustrates an exemplary packet header configuration for carrying fabric switch identifier, in accordance with an embodiment of the present invention. In this example, it is assumed that the packet is encapsulated in a VXLAN tunnel header. As illustrated in FIG. 3A, a packet 300 includes a payload 302, which is carried in an Ethernet packet with an Ethernet header 304. This Ethernet packet is encapsulated in a VXLAN header 306, which includes a network service header 307.

Outside VXLAN header 306 is a UDP header 308, since VXLAN uses UDB as a transport-layer protocol. Outside UDP header 308 is an IP header 310. Note that the source and destination UDP ports, and source and destination IP addresses, can uniquely identify a VXLAN tunnel. A switch can maintain a data structure that maps intra-fabric MAC addresses to different intra-fabric tunnels using these tuples as unique tunnel identifiers.

Network service header 307 is typically 32 bit wide, and can include a number of fields, such as version and mandatory bits 312, a service path ID and service index field 314, a network platform context field 316, a network shared context field 318, a service platform context field 320, and a service shared context field 322. In one embodiment, network platform context field 316 can include a source fabric label and a destination fabric label, each of which can be 16-bit long.

Note that the fabric label concept can also be used in a fabric architecture that uses other tunneling protocols, or does not use tunnel overlays. For example, a fabric switch can be built on IP forwarding without tunnels, and does not rely on any tunneling protocol. In this case, the fabric label information can be carried without any tunneling header. FIG. 3B illustrates an exemplary packet header configuration for carrying fabric switch identifier, in accordance with an embodiment of the present invention. In this example, a packet 332 includes a payload 322, which is carried in an Ethernet packet with an Ethernet header 324. This Ethernet packet is IP-encapsulated with an IP header 326. A network service header 328 is then placed outside IP header 326 to carry the source and destination fabric labels. An outer Ethernet header 330 is used to encapsulate the entire packet and serves as a data link layer header.

FIG. 3C illustrates an exemplary process of forwarding a packet from end to end across fabric switches, in accordance with an embodiment of the present invention. In this example, an end host 352 is sending an Ethernet packet via two fabrics to an end host 360. During operation, end host 352 sends the packet via an edge tunnel 362 to an ingress fabric switch 354. The packet is encapsulated with a VXLAN header 372 while being transported in edge tunnel 312. Note that VXLAN header 372 does not include the source and destination fabric labels, because end host 352 is not part of a fabric.

After receiving and decapsulating the packet, switch 354 looks up the MAC DA of the inner Ethernet header, and based on the MAC DA determines the destination fabric label. In turn, switch 354 encapsulates the packet with a new tunnel header, which includes an IP header, a UDP header, and a VXLAN header 374. VXLAN header 374 includes a network service header that indicates the source fabric label and destination fabric label. Switch 354 then sends the encapsulated packet to a backbone node 306 via an intra-fabric tunnel 364. Note that VXLAN header 374 may share the same VXLAN network identifier (VNI) as VXLAN header 372.

Upon receiving and decapsulating the packet from intra-fabric tunnel 364, backbone node 356 determines that the packet is destined for a remote fabric based on its destination fabric label. As a result, switch 356 encapsulates the packet with a new tunnel header (i.e., IP and UDP headers) corresponding to inter-fabric tunnel 366, while retaining the same VXLAN header 304, including the network service header as part of VXLAN header 374. Note that by retaining the same VXLAN header 374, the packet retains the same source and destination fabric labels, which allow the packet to be forwarded through the fabrics.

Switch 356 then sends the packet onto an inter-fabric tunnel 366. Upon receiving and decapsulating the packet, remote backbone node 358 determines that the packet is destined to the fabric in which switch 358 resides, based on the packet's destination fabric label. As a result, switch looks up the MAC DA in the packet's inner Ethernet header. Assuming that the destination end host 360, which corresponds to the packet's MAC DA, is coupled to switch 358, switch 358 can encapsulate the packet with a new tunnel header (i.e., IP/UDP headers corresponding to end host 360), which includes a new VXLAN header 376. Note that VXLAN header 376 may have the same VNI as VXLAN header 374, but without a network service header, since end host 310 is not part of the fabric to which switch 358 belongs. Upon receiving this packet, end host 360 can decapsulate the packet from the tunnel header and process the inner Ethernet packet.

Forwarding Information and Fabric Label

FIG. 4A presents a flowchart illustrating an exemplary process of a switch forwarding a packet received from an edge port, in accordance with an embodiment of the present invention. During operation, the switch receives a packet from an end host (operation 402). The switch can receive this packet from an edge port or an edge tunnel. The switch checks whether the switch has received the packet from an edge tunnel (operation 404). If the switch has received the packet from an edge tunnel, the switch decapsulates the edge tunnel encapsulation header (operation 406). If the switch has not received the packet from an edge tunnel or has decapsulated the edge tunnel encapsulation header, the switch checks whether the packet is destined for the local switch (operation 408).

If the switch operates as an IP gateway for an end host, the switch can be the destination for the packet. The switch then removes the header of the packet (e.g., the Ethernet header) and promotes the payload (e.g., an inner IP packet) to the upper layer (e.g., for IP processing) (operation 410). The payload thus becomes the packet. If the packet is not destined for the local switch or upon promoting to the upper layer, the switch obtains the fabric label and tunnel identifier mapped to the destination address of the packet (operation 412), as described in conjunction with FIG. 1C. The switch attaches a NSH to the packet and includes the obtained fabric label in the NSH as the destination label (operation 414). The switch also includes the local fabric label in the NSH as the source label (operation 416).

The switch then obtains the forwarding information indexed by the tunnel identifier (operation 418) and encapsulates the packet in a tunnel encapsulation header generated based on the obtained forwarding information (operation 420), as described in conjunction with FIG. 1C. This forwarding information can include the source and destination VTEP IP addresses of the tunnel, and a MAC address of the next-hop switch. The switch then forwards the encapsulated packet via the inter-fabric tunnel identified by the tunnel identifier (operation 422).

If the packet is destined to an end host reachable via a remote fabric, the switch forwards the packet to a backbone node. FIG. 4B presents a flowchart illustrating an exemplary process of a switch forwarding a packet received from a tunnel, in accordance with an embodiment of the present invention. During operation, the switch receives a packet via a tunnel (operation 432) and decapsulates encapsulation header to access the NSH of the packet (operation 434). The switch checks whether the destination label of the NSH is the local fabric label (operation 436).

If the destination label of the NSH is the local fabric label, the switch checks whether the destination address of the packet is locally reachable (operation 446). If the destination address is not locally reachable, the switch identifies an intra-fabric tunnel (i.e., the VTEP IP address) and its tunnel identifier associated with destination address of packet (operation 448). On the other hand, if the destination label of the NSH is not the local fabric label, the switch identifies an inter-fabric tunnel and its tunnel identifier associated with destination fabric label (operation 438).

Upon identifying an inter-fabric or intra-fabric tunnel for the packet (operation 438 or 448), the switch obtains the forwarding information indexed by the tunnel identifier of the identified tunnel (operation 440). The switch encapsulates the packet in a tunnel encapsulation header generated based on the obtained forwarding information (operation 442) and forwards the encapsulated packet via the tunnel identified by the tunnel identifier (operation 444).

If the destination address is locally reachable, the switch removes the NSH attached to the packet (operation 450) and checks whether the destination address of the packet is reachable via an edge tunnel (operation 452). If the destination address is reachable via an edge tunnel, the switch encapsulates the packet and forwards the encapsulated packet via the edge tunnel (operation 454). On the other hand, if the destination is not reachable via an edge tunnel, the switch forwards the packet via the edge port associated with the destination address of the packet (operation 456).

FIG. 4C presents a flowchart illustrating an exemplary process of a backbone node forwarding a multi-destination packet received from a tunnel, in accordance with an embodiment of the present invention. A multi-destination packet can be a broadcast, multicast, or unknown unicast packet. During operation, the node receives a multi-destination packet via an ingress tunnel (operation 462) and identifies an intra-fabric tunnel group associated with the ingress tunnel (operation 464). The node then precludes the local switch from forwarding via the identified intra-fabric tunnel group (operation 466). The node determines whether the node is in other edge fabrics (i.e., the node determines whether the node is in other intra-fabric tunnel groups) (operation 468).

If the node is in other edge fabrics, the node obtains the forwarding information associated with a respective tunnel in the intra-fabric tunnel group of the edge fabric (operation 470). The node encapsulates the packet in a tunnel encapsulation header for a respective tunnel in the intra-fabric tunnel group (operation 472) and forwards the encapsulated packet via the tunnel in the intra-fabric tunnel group (operation 474). The node then continues to determine whether the node is in other edge fabrics (operation 468).

If the node is not in other edge fabrics, the node obtains the forwarding information associated with a respective tunnel in the inter-fabric tunnel group of the backbone fabric (operation 476). The node encapsulates the packet in a tunnel encapsulation header for a respective tunnel in the inter-fabric tunnel group (operation 478) and forwards the encapsulated packet via the tunnel in the inter-fabric tunnel group (operation 480).

Multi-Chassis Link Aggregation Group (MLAG)

FIG. 5A illustrates an exemplary MLAG with a virtual tunnel endpoint, in accordance with an embodiment of the present invention. In this example, an end host 502 is coupled to two separate switches that are members of a fabric. The two separate physical links form an MLAG 504. From end host 502's perspective, MLAG 504 behaves like a conventional link aggregation group (LAG), and end host 502 can use both physical links in MLAG 504 as if they are connected to the same switch. The switches in MLAG 504 can be referred to as partner switches.

Furthermore, the two physical switches form a VTEP 506, which optionally can be identified by a virtual IP address. An inter-switch link 507 can be used by these two switches to exchange state information, such that in case of a link failure, one switch can take over the traffic previously carried by the failed link. During operation, end host 502 can establish an edge VXLAN tunnel 503 with VTEP 506. Furthermore, VTEP 506 can establish an intra-fabric tunnel 508 to any other switch within the same fabric. Note that both edge tunnel 503 and intra-fabric tunnel 508 can use VTEP 506's virtual IP address as their source IP. In other words, VTEP 506 can present itself like another switch in the fabric.

When switches in VTEP 506 attaches an NSH to a packet received via MLAG 504, the switch includes an MLAG identifier of MLAG 504 as the source label in the NSH. This allows the receiving VTEP of tunnel 508 to determine that the packet is originally received via MLAG 504. For example, if a backbone node receives a packet, the node can determine that the packet is received from MLAG 504 based on the source label in the NSH. The node then replaces the MLAG identifier with the fabric label of the ingress edge fabric and forwards the packet via an inter-fabric tunnel.

In some embodiments, the fabric labels and MLAG identifiers are allocated from different ranges. As a result, the node can determine that the source label is an MLAG identifier. In some further embodiments, a backbone node maintains a mapping between the virtual IP address of VTEP 506 and the MLAG identifier. When the node identifies the virtual IP address as the source IP address of the encapsulation header of a packet, the node determines that the source label of the NSH of the packet is an MLAG identifier.

FIG. 5B presents a flowchart illustrating an exemplary process of a switch forwarding a packet received from an MLAG, in accordance with an embodiment of the present invention. During operation, the switch receives a packet from the end host via the MLAG (operation 522) and checks whether the packet is destined for a partner switch (operation 524). If the packet is destined for the partner switch, the switch forwards the packet to the partner switch (operation 538), as described in conjunction with FIG. 4A. If the packet is not destined for the partner switch, the switch obtains the fabric label and tunnel identifier mapped to the destination address of the packet (operation 526), as described in conjunction with FIG. 4A. The switch attaches an NSH to the packet and includes the obtained fabric label in the NSH as the destination label (operation 528).

The switch also includes the MLAG identifier in the NSH as the source label (operation 530). The switch then obtains the forwarding information indexed by the tunnel identifier (operation 532) and encapsulates the packet in a tunnel encapsulation header generated based on the obtained forwarding information (operation 534), as described in conjunction with FIG. 1C. This forwarding information can include the source and destination VTEP IP addresses of the tunnel, and a MAC address of the next-hop switch. The switch then forwards the encapsulated packet via the inter-fabric tunnel identified by the tunnel identifier (operation 536).

FIG. 5C presents a flowchart illustrating an exemplary process of a backbone node forwarding a packet with an MLAG identifier, in accordance with an embodiment of the present invention. During operation, the switch receives a packet from an intra-fabric tunnel (operation 552) and identifies an MLAG identifier as the source label in the NSH (operation 554). The switch then replaces the MLAG identifier in the NSH with the fabric label of the ingress fabric switch (operation 556). The switch encapsulates the packet and forwards the encapsulated packet via a tunnel (operation 558), as described in conjunction with FIG. 4B.

Hierarchical Overlay Tunnels

FIG. 6 illustrates an exemplary configuration of a fabric switch based on hierarchical overlay tunnels, in accordance with an embodiment of the present invention. In this example, a fabric includes three VTEPs 607, 611, and 615. VTEP 607 is formed by switches 604 and 606, VTEP 611 is formed by switches 608 and 610, and VTEP 615 is formed by switches 612 and 614. An end host 602 is coupled to VTEP 607 via an MLAG 603, which is based on links to switches 604 and 606. In general, end host 602 can communicate with VTEP 607 via an edge tunnel 632. Similarly, an end host 603 is coupled to VTEP 611 via an MLAG 607, which is based on links to switches 608 and 610. End host 603 can communicate with VTEP 611 via an edge tunnel 634. In this example, VTEPs 607, 611, and 615 can be considered as logical units, which form the fabric.

Within the fabric, all the VTEPs can form a fully meshed logical topology using intra-fabric tunnels. Specifically, an intra-fabric tunnel 626 is formed between VTEPs 607 and 615; an intra-fabric tunnel 622 is formed between VTEPs 607 and 611; and an intra-fabric tunnel 624 is formed between VTEPs 611 and 615. In addition, VTEP 615 serves as a gateway VTEP to the backbone network, and can maintain one or more inter-fabric tunnels, such as inter-fabric tunnel 630.

Exemplary Switch

FIG. 7 illustrates an exemplary member switch in an IP-based fabric switch, in accordance with an embodiment of the present invention. In this example, a switch 700 can include a number of communication ports 702, a packet processor 710. Switch 700 also includes a processor 749, a storage device 750, a switch control apparatus 730, which includes a fabric label management apparatus 732. Switch 700 further includes a VTEP management apparatus 720, a tunnel management apparatus 722, a link aggregation apparatus 724, and a packet forwarding apparatus 726.

During operation, fabric label management apparatus is responsible for maintaining the mapping between MAC in a remote fabric and the corresponding remote fabric's label. In addition, switch control apparatus 730 is also responsible for maintaining a local MAC-to-VTEP mapping in the local fabric. VTEP management apparatus is responsible for maintaining the local VTEP state, such as obtaining and maintaining the virtual IP assigned to the VTEP, and mapping the VTEP's virtual IP to switch 700's own IP. Tunnel management apparatus 722 is responsible for maintaining the state of all edge, intra-fabric, and optionally inter-fabric tunnels. Specifically, tunnel management apparatus 722 can maintain a data structure that stores each tunnel's IP/UDP tuple information, and stores this data structure in storage device 750.

Link aggregation apparatus 724 is responsible for maintaining MLAGs with end hosts. Packet processor 710 is responsible for decapsulating and encapsulating packets. Packet forwarding apparatus 726 is responsible for determining what tunnel to use when forwarding a packet, and what headers to use before forwarding the packet onto an appropriate tunnel.

Note that aforementioned apparatuses can be implemented as instructions stored in storage device 750. When these instructions are executed by processor 749, they can cause the processor to perform one or more of the aforementioned methods.

To summarize, in embodiments of the present invention, the problem of building a versatile, cost-effective, and scalable layer-2 switching system is solved by forming a topology agnostic fabric switch based on an underlay layer-3 protocol with hierarchical overlay tunneling. This fabric switch architecture can include one or more fabric switches, interconnected by an underlay network that can be based on existing layer-3 and tunneling protocols, such as IP and VXLAN. Each fabric switch can include a number of physical switches, interconnected by a similar underlay network using the same layer-3 and tunneling protocols. The problem of handling a large number of MAC address in an extended layer-2 broadcast domain is solved by having a hierarchical tunneling mechanism and a label-based fabric-wise address aggregation mechanism.

The methods and processes described herein can be embodied as code and/or data, which can be stored in a computer-readable non-transitory storage medium. When a computer system reads and executes the code and/or data stored on the computer-readable non-transitory storage medium, the computer system performs the methods and processes embodied as data structures and code and stored within the medium.

The methods and processes described herein can be executed by and/or included in hardware modules or apparatus. These modules or apparatus may include, but are not limited to, an application-specific integrated circuit (ASIC) chip, a field-programmable gate array (FPGA), a dedicated or shared processor that executes a particular software module or a piece of code at a particular time, and/or other programmable-logic devices now known or later developed. When the hardware modules or apparatus are activated, they perform the methods and processes included within them.

The foregoing descriptions of embodiments of the present invention have been presented only for purposes of illustration and description. They are not intended to be exhaustive or to limit this disclosure. Accordingly, many modifications and variations will be apparent to practitioners skilled in the art. The scope of the present invention is defined by the appended claims.

Claims (20)

What is claimed is:

1. A switch, comprising:

tunnel circuitry configured to maintain a local inter-switch tunnel and an inter-fabric tunnel, wherein the inter-switch tunnel facilitates communication between the switch and a second switch in a first network of interconnected switches, and wherein the inter-fabric tunnel facilitates communication to a third switch in a second network of interconnected switches; and

header circuitry configured to decapsulate a first encapsulation header of a packet received from the inter-switch tunnel and encapsulate the packet with a second encapsulation header for transmission over the inter-fabric tunnel, wherein the first and second encapsulation headers include a first and a second fabric identifiers, which identify the first and second networks of interconnected switches, respectively.

2. The switch of claim 1, wherein the tunnel circuitry is further configured to manage an edge tunnel, which facilitates communication between the switch and an end host.

3. The switch of claim 1, wherein the second fabric identifier in the second encapsulation header indicates a destination of the second encapsulation header.

4. The switch of claim 1, wherein the second encapsulation header includes a network service header.

5. The switch of claim 1, further comprising a storage device configured to store a data structure, which stores a mapping between a medium access control (MAC) address and a virtual tunnel endpoint.

6. The switch of claim 1, further comprising a storage device configured to store a data structure, which stores a mapping between a MAC address and the second fabric identifier.

7. The switch of claim 1, further comprising forwarding circuitry configured to preclude a second packet received from the inter-switch tunnel from being forwarded onto a second inter-switch tunnel between the switch and a fourth switch in the first network of interconnected switches.

8. The switch of claim 1, further comprising forwarding circuitry configured to load a MAC address in forwarding hardware of the switch in response to identifying the MAC address in a packet.

9. A method, comprising:

maintaining a inter-switch tunnel and an inter-fabric tunnel, wherein the inter-switch tunnel facilitates communication between a switch and a second switch in a first network of interconnected switches, and wherein the inter-fabric tunnel facilitates communication to a third switch in a second network of interconnected switches;

decapsulating a first encapsulation header of a packet received from the inter-switch tunnel; and

encapsulating the packet with a second encapsulation header for transmission over the inter-fabric tunnel, wherein the first and second encapsulation headers include a first and a second fabric identifiers, which identify the first and second networks of interconnected switches, respectively.

10. The method of claim 9, further comprising managing an edge tunnel, which facilitates communication between the switch and an end host.

11. The method of claim 9, wherein the second fabric identifier in the second encapsulation header indicates a destination of the second encapsulation header.

12. The method of claim 9, wherein the second encapsulation header includes a network service header.

13. The method of claim 9, further comprising storing, in a storage device of the switch, a mapping between a medium access control (MAC) address and a virtual tunnel endpoint.

14. The method of claim 9, further comprising storing a mapping between a MAC address and the second fabric identifier.

15. The method of claim 9, further comprising precluding a second packet received from the inter-switch tunnel from being forwarded onto a second inter-switch tunnel between the switch and a fourth switch in the first network of interconnected switches.

16. The method of claim 9, further comprising loading a MAC address in forwarding hardware of the switch in response identifying the MAC address in a packet.

17. A computing system, comprising:

a processor;

a non-transitory computer-readable storage medium storing instructions which when executed by the processor causes the processor to perform a method, the method comprising:

maintaining an inter-switch tunnel and an inter-fabric tunnel, wherein the inter-switch tunnel facilitates communication between the computing system and a second computing system in a first network of interconnected switches, and wherein the inter-fabric tunnel facilitates communication to a third computing system in a second network of interconnected switches;

decapsulating a first encapsulation header of a packet received from the inter-switch tunnel; and

encapsulating the packet with a second encapsulation header for transmission over the inter-fabric tunnel, wherein the first and second encapsulation headers include a first and a second fabric identifiers, which identify the first and second networks of interconnected switches, respectively.

18. The computing system of claim 17, wherein the method further comprises managing an edge tunnel, which facilitates communication between the computing system and an end host.

19. The computing system of claim 17, wherein the second fabric identifier in the second encapsulation header indicates a destination of the second encapsulation header.

20. The computing system of claim 17, wherein the second encapsulation header includes a network service header.

US15/005,9462015-12-072016-01-25Interconnection of switches based on hierarchical overlay tunneling
Active2036-05-15US9912614B2
(en)